Or as the title states, I may be going about it the wrong way. I've created some fields in a table within phpmyadmin. I have a "post_id" as the unique identifier. Then fields or (rows) titled "first_name", "last_initial", "email", "feedback" and "approved".
It's for a testimonials page on a website. I've go things working properly then realized I needed to create a way for the site owner to approve comments before displaying them.
I'm new to php and mysql so this may be very simple for a lot of you on here. When I connect to the database on the testimonials page just above the form to input a testimonial, I'm calling all of the rows that have a value of "1" as this is the "approved" comments. By default when someone enters info into the form to submit a testimonial, that field is given a value of "0". Now on the back end, I'm connecting to the database and displaying all rows with the value of "0" in the fields.
I'm using an html table to display the fields and the last column of the table has a checkbox. Ideally, the site owner would click the checkboxes next to the comments they want to approve and click a submit button and only the checked boxes will be approved.
The problem I'm running into is when clicking submit and connecting the the php code that does this, I'm using the UPDATE function to change the value in the "approved" field from 0 to 1.
The problem I'm having is it is approving every comment because I'm not qualifying it somehow with the WHERE (function, statement, or whatever this is called.) And since this page is dynamic and will be displaying different comments for approval, there is really no unique identifier as I can tell.
I hope my ignorance on this subject hasn't confused you too badly and you'll be able to help me out.
I'm connecting to the database here......
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM feedback WHERE approved = 0");
echo '
Submitted Comments
';echo '
';echo '
echo '
';echo '
First Name';echo '
Last';echo '
Email';echo '
Comment';echo '
Check';echo '
';while($row = mysqli_fetch_array($result))
{
echo '
';echo '
' . $row["first_name"].'';echo '
' . $row["last_initial"] . '';echo '
' . $row["email"] . '';echo '
' . $row["feedback"] . '';echo '
' . ''.'' . '';echo '
';}
echo '
';echo '';
echo '
';mysqli_close($con);
?>
That code displays the back end element where they would aprove the comments. The action is as follows:
Connecting to database here...
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
mysqli_query($con,"UPDATE feedback SET approved=1 WHERE approved='0'");
mysqli_close($con);
header("Location: http://redirecting to the back end page here");
?>
Everything is working fine except my WHERE part. I'm not sure what to put here or if I'm even calling the info from the database properly to make this work.
Any input you have will be greatly appreciated! Thanks!
解决方案
Use your database record's ID:
First in your form:
echo "";
Then in the handler:
$post_id = mysqli_real_escape_string($con, $_POST["post_id"]);
mysqli_query($con,"UPDATE feedback SET approved=1 WHERE post_id='$post_id'");
Edited to add obligatory SQL injection protection!
555
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
